1. Home
  2. Sexual harassment guide for employers

Preventing and managing sexual harassment – step 4: review risk controls

Guidance for employers on when to review and revise sexual harassment risk controls.

Circle diagram showing the risk management process. Step 1: Identify hazards. Step 2: Assess risks. Includes an arrow and attached text that reads: Known risks and controls. Step 3: Control risks. Step 4: Review and revise risk control measures. Consultation is shown as a continuous step at each stage in an outer ring of the circle.

Risk management for sexual harassment

Employers should apply the risk management process to manage risks associated with sexual harassment, so far as is reasonably practicable.

The risk management process involves the following steps:

  • identifying psychosocial hazards
  • assessing, where necessary, any associated risks to health or safety
  • controlling risks to a person’s health or safety associated with psychosocial hazards
  • monitoring, reviewing and, where necessary, revising risk controls.

There are certain circumstances where each step of the risk management process must occur.

This page explains when to review and revise risk controls for sexual harassment in the working environment. This is Step 4 of the risk management process.

Compliance code: Psychological health

Your duty

Employers have a duty to review and, if necessary, revise the control measures in place when certain circumstances occur.

Reviewing risk controls involves examining whether the control measures are effectively controlling risks, so far as is reasonably practicable.

Where a review finds that the control measures in place are not adequately controlling the risk, they must be revised so that they are controlling the risk, so far as is reasonably practicable.

Reviewing risk controls

Employers must review and, if necessary, revise sexual harassment risk control measures:

  • before any alteration is made to any thing, process or system of work that is likely to result in changes to risks associated with psychosocial hazards
  • if there is new or additional information about a psychosocial hazard available to the employer
  • if an employee, or a person on their behalf, reports a psychological injury or psychosocial hazard to the employer
  • after any incident occurs to which Part 5 of the OHS Act applies that involves a psychosocial hazard or hazards (notifiable incident)
  • if, for any other reason, the risk control measures do not adequately control the risks associated with a psychosocial hazard
  • after receiving a request from a health and safety representative (HSR).

How a review is conducted will vary depending on the situation. For example, in some cases a brief analysis may be sufficient. At other times, a documented, in-depth review may be required.

When deciding how a review is conducted, consider the following points:

  • the nature of the hazard(s) or incident
  • the level of risk involved
  • the complexity of the situation
  • any repeated exposure to incidents of a similar nature
  • the number of employees involved or affected
  • other people involved, such as clients, customers, patients or students
  • for larger employers, whether an organisational response is required to manage the risk in a systematic way across multiple work sites or locations.

For more information about how to review risk controls, see Part 3, Step 4 of the Psychological Health compliance code. This includes:

  • the duty to consult employees and any HSRs
  • how to determine if risk controls are reducing this risk of harm, so far as is reasonably practicable
  • if risk controls have unintentionally introduced new risks or increased other risks.

Also see Preventing and managing sexual harassment – case studies for real-life examples of how employers can review and revise risk controls.

Revising risk controls

If the review finds that risk controls are not reducing the risk, so far as is reasonably practicable, the risk controls must be revised.

Employers need to:

  • go back through the risk management process
  • review information
  • make further decisions about risk controls.

Further information